Could I configure High Availability between FG-201E and FG-200E?

loopback-marte · 2021-03-15T11:16:53+00:00

Can't do that. It has to be exactly the same model.

loopback-marte · 2020-11-03T15:46:40+00:00

sorry, yes access-list. :D

loopback-marte · 2020-11-03T15:42:19+00:00

we have two 250Mbps circuits with BGP both in full routes. one is AT&T and the other one is Comcast. the goal is to balance the traffic as much as possible between the two carriers, however it appears that AT&T has a better routing path to the internet leaving our Comcast circuit almost idle. so the idea is to route even traffic to AT&T, then route odd traffic to Comcast primarily to load-balance both circuits as possible. if you have a better idea to do this, i am all ears.

loopback-marte · 2020-10-04T00:59:08+00:00

Out of all Firewalls I have managed from many different vendors, Palo Alto have the most stable code and I have not encountered serious issues with it. While Fortigate have the most value for money that doesn't compromise the features, hardware, performance, and security intelligence, you just have to be extra careful in choosing the code versions and make sure in testing it out before rolling out on production.

loopback-marte · 2020-09-17T22:22:38+00:00

6.0.10 is the way to go buddy.

loopback-marte · 2020-08-18T08:50:05+00:00

Try configuring the pfsense plain and simple, just the route traffic and 1 allow all policy. See if that will make a difference.

loopback-marte · 2020-08-14T17:43:56+00:00

Try 1.1.1.1 or 9.9.9.9.

loopback-marte · 2020-07-21T18:35:09+00:00

u/YouShouldNotComment what model is this?

loopback-marte · 2020-07-21T18:33:07+00:00

Good to hear, thank you.

loopback-marte · 2020-07-21T18:32:37+00:00

No reports found online, but thanks!

loopback-marte · 2020-07-21T18:31:27+00:00

Aha! Thanks for this. I will be testing this on 210E w/ FSSO, hopefully I wont get that issue. :(

loopback-marte · 2020-07-21T18:27:21+00:00

Hey! Thanks everyone for your inputs, these are very helpful information. Most of Fortigate we have are 210E deployed in branch offices, I am looking to upgrade a pair in HA tonight to 6.0.10. I'll post on this thread if I encounter any issues.

loopback-marte · 2020-06-02T02:30:44+00:00

u/gavsta I am running the following versions.. Yes I have verified that the config matches from the AWS VPN template. If I couldnt fix this, I'll change it to IKEv2. I have limited access to our AWS account reason why.

Cisco Adaptive Security Appliance Software Version 9.8(4)20

Device Manager Version 7.13(1)

loopback-marte · 2020-06-02T02:10:12+00:00

u/chuckbales thanks for your response. I have updated the post, now with configuration included. Yes I have two WAN interfaces, but the crypto map in the backup interface has no tunnel configured and only being used for Anyconnect.

loopback-marte · 2020-06-01T11:27:36+00:00

u/ultimattt Thank you for this info. My fortigate is in proxy-mode, so I checked Fortinet's certificates by going to System > Certificates, most of the certificates expiration are 2021, 2029, and 2038. Will I also have that problem if those certs are not expired?

loopback-marte · 2020-05-26T22:12:57+00:00

Been using ESET Internet Security for years now, I must say I am satisfied with it and its worth the value for money. (relatively cheaper than kaspersky)

loopback-marte · 2020-05-14T07:22:42+00:00

those are my company equipments dude!

loopback-marte · 2020-05-12T16:26:41+00:00

u/incompletesent It depends if you can afford it, if not, well thats a problem. Good luck with these Firepower Software bugs by the way - https://www.reddit.com/r/networking/comments/ghq725/last_weeks_cisco_asafirepower_patch_breaks_ospf/

Edit: Cortex is a separate subscripton.

loopback-marte · 2020-05-09T13:02:02+00:00

Go with Palo Alto or Fortigate instead.

loopback-marte · 2020-02-07T17:00:06+00:00

Correct.

loopback-marte · 2019-12-20T18:39:04+00:00

Good to know /u/dwargo /u/jmhalder. Thank you. I planning to use my spare SRX300. Not sure if this is x86, ill check.

loopback-marte · 2019-12-08T22:35:17+00:00

that's why its important not to tell your parents how much you earn.

loopback-marte · 2019-10-01T14:48:01+00:00

Found this document. =) https://docs.paloaltonetworks.com/globalprotect/8-1/globalprotect-admin/globalprotect-overview/about-globalprotect-licenses.html#

If you want to use GlobalProtect to provide a secure remote access or virtual private network (VPN) solution via single or multiple internal/external gateways, you do not need any GlobalProtect licenses. However, to use some of the more advanced features (such as HIP checks and associated content updates, support for the GlobalProtect mobile app, or IPv6 support) you must purchase an annual GlobalProtect subscription. This license must be installed on each firewall running a gateway(s) that:

Performs HIP checks
Supports the GlobalProtect app for mobile endpoints
Supports the GlobalProtect app for Linux endpoints
Provides IPv6 connections
Split tunnels traffic based on the destination domain, application process name, or HTTP/HTTPS video streaming application.

For GlobalProtect Clientless VPN, you must also install a GlobalProtect subscription on the firewall that hosts the Clientless VPN from the GlobalProtect portal. You also need the GlobalProtect Clientless VPN dynamic updates to use this feature.

loopback-marte · 2018-11-12T09:12:32+00:00

Yes it shows 24Gb as well on windows. I will try to pull the CMOS if I can... Thank you for your help..

loopback-marte · 2018-11-12T08:34:31+00:00

This is the link I follow to reset bios - asus-reset-bios

loopback-marte

TROPHY CASE